February 10 meeting - Hacking with Backtrack and Metasploit

2011-01-30

When we deploy Linux servers on the Internet, they are exposed to the entire world, and they may be vulnerable to attacks. How can we know that they are secure?

As part of the security team at SAS, Ryan Linn tests systems against vulnerabilities, and he recommends ways to mitigate the risks. The tools that he uses are open source, and very sophisticated.

Ryan will introduce us to Backtrack4, the LiveCD with hacking in mind. He will show us how to use the tools to scan a network for vulnerable machines, test a target machine against a list of known vulnerabilities, and how to take control over a machine. PWN3D.

The world-wide Internet - you will never find a more wretched hive of scum and villainy. Backtrack4 is a must-have tool for anyone planning to put a computer into that environment.

UPDATE: An audio recording of this presentation can be accessed at: http://www.trilug.org/media/trilug-backtrack-and-metasploit-mtg-2011-02-10.wav


New SSL certificates for web & mail

2011-01-18

It's that time of year again. We have regenerated our SSL certificates for our web and mail servers. Most people will notice this when their email client tries to connect to "mail.trilug.org" (which is the server name that you should use). It will warn that the certificate has changed. The new mail certificate fingerprints are:

SHA1 = 92:8A:60:97:6C:A9:37:C7:67:E4:A7:65:92:2E:06:65:64:CD:A0:5F MD5 = DF:00:29:BB:0D:99:6F:BA:58:06:0A:86:9E:DD:9D:CB

Accept no imitations.


LUG Organizational Choices, Summary, 13 January 2011

2011-01-16

Ten years ago, TriLUG started operating as a North Carolina non-profit corporation, in order to accept hardware and monetary donations, in turn re-donating to schools and local LUGs, acting as an incubator for promoting Linux. Over time, Linux has become more mainstream, is accepted in the business world, and even used at schools. TriLUG's mission has therefore changed accordingly, to become more of an educational and social group for technology and Open Source. Although we're still devoted to education and outreach, our income and expenses are now related to pizza and meetings.

We are run by a Steering Committee whose membership changes by vote every year in May. This committee is a group of volunteers, which mean the committee members have a significantly limited amount of time and energy to invest in running TriLUG. These two facts have led to a problem that TriLUG now faces: Over time, the Steering Committee has focused it's efforts on finding meeting speakers, donors, sponsors, and pizza; and maintaining our online resources. The annual Steering Committee hand-offs and corporate bureaucratic tasks have taken a back seat, to the point that we have been delinquent in corporate paperwork and tax filings. In fact, we are just a hair's breadth from losing our NC non-profit status and our Federal EIN.

TriLUG is now faced with a decision, upon which we must vote. We must choose between one of two options.

Do we want to keep the non-profit corporate status which we've not really used nor needed as of late? If we choose this option, it means that we MUST spend the time and energy (and possibly even money) required to dig ourselves out of a deep paperwork hole in order to prove to the IRS and the State of North Carolina that we desire and deserve to keep the status. In order for this option to function, we must have volunteers (other than the current Steering Committee) who will stand up to do the necessary backlog work. In addition, future Steering Committees MUST be responsible for the bureaucratic tasks necessary for maintaining the non-profit corporate status.

On the other hand, do we opt to dissolve TriLUG as a corporation, and become an informal user group, handling money for pizza and speakers by using a DBA bank account? This choice allows our current and future Steering Committees to focus on providing speakers and pizza for meetings, and maintaining our online resources, and frees us from worrying about meeting (or failing to meet) corporate status requirements and performing the bureaucratic tasks necessary to maintain a non-profit corporation.

As you consider the two choices, keep in mind that TriLUG has no current need for non-profit corporate status, and that if we dissolve the corporation now, at any time in the future we decide we need it, we can do what is necessary then to re-incorporate. Also, consider that that at the organizational meeting held in December to to discuss these matters, the opinion of the majority of those attending was that we no longer need to be a non-profit corporation. Finally, if we choose to keep our current corporate status, it is imperative that those who choose this MUST stand up and invest themselves in making it happen, or the choice WILL fail!

Members of TriLUG, for which option will you vote?

If you would like to listen to the recording of the Organizational Meeting that was held on December 2nd, 2010, wherein our current status and viable options for action were discussed (keep in mind it was a long meeting, at 2 hours and 50 minutes), you can access the recording at:

http://www.trilug.org/media/trilug-organizational-mtg-2010-12-01.wav


January 13 meeting - RAID, LVM, LUKS

2011-01-02

In the Linux kernel, the "device mapper" serves as a generic framework to map one block device onto another. It forms the foundation of software RAID, Logical Volume Manager, and LUKS disk encryption. In this instructional presentation, the LUG's own Alan Porter will show how to use these three device mapper facilities.

RAID can be used to provide high availability disks to a service that can not tolerate downtime. Logical Volume Manager can be used to allocate storage space as needed, without regard for where the data is physically stored. And finally, LUKS allows you to encrypt the data that is stored on a physical disk.

Alan Porter is a long-time member of TriLUG, and he is currently serving on the steering committee. In other words, when he's not talking about Linux, he tries to recruit others to talk about Linux!

UPDATE: An audio recording of this presentation can be accessed at: http://www.trilug.org/media/trilug-device-mapper-mtg-2011-01-13.wav


Organizational meeting - December 2

2010-11-11

RESCHEDULED: Thursday, December 2, 2010


For the last ten years, TriLUG has been operating as a NC non-profit corporation. In the early days, that structure was necessary because the LUG accepted donated hardware and re-donated it to schools and local LUG's. Since then, Linux has become more mainstream, accepted at corporations, and sometimes even used at schools. And in that time, TriLUG's mission has changed significantly, from being an incubator to more of an educational/technical/social group.

We're still devoted to education and outreach, promoting the use of free and open source software. However, as a business, the main income and expenses that we maintain are related to pizza and meetings.

We are entirely a volunteer-run organization. The Steering Committee members dedicate a lot of time to putting together quality programs for the members to learn from and enjoy. But there is also an overhead associated with running the LUG, and that involves paperwork, taxes and corporate filings.

Complicating matters is the fact that we are run by a collection of volunteers that changes every year in May. As the LUG's leadership undergoes its annual transition, we rely on effective hand-off's. Over time, the Steering Committee has been focused on tactical problems: where to find speakers, the price of pizza, finding donors and sponsors. In the meantime, some of the hand-off's and administrative tasks have taken a back seat. In fact, we have sometimes been delinquent in some of our administrative duties. This is not a recent problem... it has persisted for several years.

The meeting on 12/2 is for interested LUG members to discuss the current state of the LUG as an organization, and to brainstorm on possible changes that might make reduce our administrative overhead. We will not be planning meeting content or sysadmin duties or other tactical things -- this meeting is strategic. It's the boring stuff -- paying taxes, filing paperwork.

The "fun" stuff -- meetings, events, technical discussions, and so on -- will continue as normal.

DATE - Thursday, December 2, 2010 TIME - 7:00pm LOCATION - RedHat HQ ROOM - Cafeteria / Conference Room (where we normally meet) DIRECTIONS - http://www.redhat.com/about/contact/ww/americas/raleigh.html

UPDATE: A full audio recording (2hrs, 50mins) of the meeting can be found at: http://www.trilug.org/media/ trilug-organizational-mtg-2010-12-01.wav


December 9 meeting - Appliance Workshop

2010-11-11

NOTE - THE DECEMBER MEETING WILL NOT BE AT RED HAT. IT WILL BE AT SPLAT SPACE IN DURHAM. STARTS AT 7PM.

MAP - http://splatspace.org/location/

Every year, we try to do something a little different for our December "holiday" meeting. This year is no exception.

We will be meeting at Splat Space, the newly-formed "hackerspace" in Durham. This meeting will be an interactive hands-on workshop, with a handful of demo stations that each showcase one Linux-based "appliance". For example, we'll show:

  • BackupPC - Take an old PC and put a large hard disk on it, and let it handle your backups.
  • MythTV - Watch and record TV using a Linux PC.
  • Asterisk - Have your own PBX, with voice mail and call routing.

If you are interested in a particular topic, or if you would like to volunteer to run one of the demo stations, sign up on the wiki --> http://trilug.org/wiki/Meeting:2010_December_9


November 11 meeting - Open Source Software for Musicians

2010-11-01

Have you ever wanted to use your computer to record or play music?

In the old days, it took a studio full of equipment to produce and record music. But now, the required tools are much more affordable, and can easily fit into a home studio. There is a wide selection of very robust audio applications that run on standard PC hardware, and many of them are FREE ("free" as in "beer" -- but also as in "freedom").

Adam Drew has been playing and recording music on and with computers for 15 years. He was introduced to free and open source software when he went to work at Red Hat, where he does filesystem and cluster support.

Adam will show how anyone can use Linux-based software to produce studio-quality music. We'll look at what tools are available, how they work together, and we'll see and hear them in action. We'll also learn a bit about what community resources are available for learning more about the tools and technology so that you can get plugged in and start making music at home and get your questions answered when they come up.

Come join us for a lively toe-tapping demonstration!

--

Adam invites you to take a look at (and edit) his audio knowledgebase at http://LinkedListCorruption.com/audio-kbase . And if you need to reach him personally, send him an email at adam@LinkedListCorruption.com .

We would also like to thank our meeting sponsor, Uzoma Nwosu from the Signal Foundation (www.signalfest.com).

UPDATE: An audio recording of this presentation can be accessed at: http://www.trilug.org/media/trilug-OSS-for-musicians-mtg-2010-11-11.wav

Also, a text copy of Jym Williams Zavada's meeting notes can be had at: http://www.trilug.org/~jrwz/2010-11-11-mtg-notes.txt


October 14 meeting - Apache ModSecurity

2010-10-06

Time & Place: October 14, 2010, 7pm, at Red Hat HQ

Title: Introduction to ModSecurity, the Open Source Web Application Firewall

About this talk:

So your web server listens on port 80 and your firewall blocks most everything else. Secure, right? How about that port 80? Do you trust your application code? Is your server patched? Are your developers really more clever than the folks who want to break in? Is security even on the mind of your developers?

Our traditional firewalls (packet filters) may have narrowed the field to HTTP, but crackers and worms have responded by refocusing their efforts directly at HTTP. Worse yet, most packet filters think all HTTP requests look legitimate. What's your next line of defense?

This presentation introduces ModSecurity, a web application firewall (WAF). ModSecurity is open source, mature, stable, flexible, and updated frequently. It can run embedded in Apache or as a reverse proxy in front of any traditional web server. It is highly discriminating and it definitely understands HTTP at a deeper level than your packet filter.

Come learn how to get started with ModSecurity. You'll be glad that you did.

About the presenter:

Cristóbal Palmer, a long-time member of the TriLUG Steering Committee, just finished his MSIS at UNC Chapel Hill, where he is a Systems Administrator with ibiblio.org. He also works with Caktus Consulting Group, a local django development shop.


[TriLUG]

The Linux Users Group of the Triangle. Serving Raleigh, Durham, Chapel Hill, and RTP.

Sponsors

Our monthly meetings are hosted by:



Dr. Warren Jasper



Hosting Sponsor

Hosting for TriLUG's infrastructure is provided by:

NetActuate


3D Printed "TriTuxes" provided by:
Brian Henning